[whatwg] Sandboxing ideas
Alexey Feldgendler
alexey at feldgendler.ru
Mon May 14 14:11:20 PDT 2007
On Mon, 14 May 2007 22:29:57 +0200, Michel Fortin
<michel.fortin at michelf.com> wrote:
> I was pointing out a solution for the problem of separate HTTP requests
> on a forum page. Used in conjunction with some previously-suggested
> security attributes on <iframe>, it could do a pretty good sandbox for
> use comments on a page.
>
> If you want the sandbox to degrade securely in older browsers, then this
> is not a solution.
Yes, I want the sandbox to degrade securely, as does any webmaster who
might be going to allow some user-supplied scripting while relying on
sandboxing for security. To cover its use cases, this feature must degrade
securely.
> But I don't think there's a nice solution to that anyway.
This does degrade securely, doesn't require separate HTTP requests, and
maintains human readability.
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2005-December/005301.html
However, I admin that it's not quite “nice” (as in “æsthetics”).
--
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com
More information about the whatwg
mailing list